Signature Detail
Short Name |
APP:NOVELL:IMANAGER-FILE-UPLOAD |
|---|---|
Severity |
High |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
APP |
Keywords |
Novell iManager getMultiPartParameters Unauthorized File Upload |
Release Date |
2011/07/07 |
Update Number |
1951 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+ |
APP: Novell iManager getMultiPartParameters Unauthorized File Upload
This signature detects attempts to exploit a known vulnerability in Novell iManager getMultiPartParameters. It is due to insufficient input validation within the getMultiPartParameters function. Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the vulnerable system with the privileges of the Administrator user.
Extended Description
Novell iManager is prone to an arbitrary-file-upload vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application. Novell iManager 2.7.3.2 and prior are vulnerable.
Affected Products
- Novell iManager 2.0.0
- Novell iManager 2.0.2
- Novell iManager 2.5.0
- Novell iManager 2.6.0
- Novell iManager 2.7.0
- Novell iManager 2.7.1
- Novell iManager 2.7.3
- Novell iManager 2.7.3.2
- Novell iManager 2.7.3 FTF2
References
- BugTraq: 43635